[Techtalk] 802.11b

Raven Alder raven at oneeyedcrow.net
Fri Jul 26 15:32:52 EST 2002


Heya --

Quoth coldfire (Fri, Jul 26, 2002 at 12:35:58PM -0400):
> > > 3.	I get the impression adding the 802 card to this server is 
> > > like by-passing my firewall. 
> >
> > 	Only if you don't use encryption...

	Also make sure to explicitly disable routing on that device, so
that it doesn't inadvertently act as a router between your wired and
wireless networks.  (If you want it to do that, enable it, but set up
appropriate firewall rules on that box.  Most people don't want the box
to act as a router, though.)

> i could go on for days about wireless security :)  wep encryption is
> very flawed.  it could drive off any potential eavesdroppers just as
> quickly as it can grab their attention.  some people just set out to find
> networks with wep and crack the keys.  personally, i would test the
> throughput with wep disabled, then with wep enabled.  if there is no
> significant speed decrease, why not use it?

	Yeah.  It's by no means a full security solution, but turning it
on will at least be a speed bump to a potential attacker.
(Unfortunately, for a dedicated attacker it will only be a speed bump.
But hey, at least you're discouraging a few script kiddies.)

	The real danger of WEP is that it makes people feel safe ("Look!
I'm using encryption!  It must be secure now!") and they slack on other
parts of securing the network.  So when that encryption is crackable,
they're completely hosed.
 
> as for means of authentication, mac address authentication is incredibly
> weak.  sniffing the airwaves for mac addresses and then spoofing them is
> easier than cracking wep.

	Ditto for having your access point not broadcast its station
identifier.  Anyone who can use Aerosniff or a similar program can get
the station ID from a sniffed session.  Like WEP, restricting access to
certain MACs and having your SSID not broadcast are generally not
harmful and may even help somewhat, but they won't keep you safe.  

> on my wireless network, i implement ipsec and ssh tunnels to make sure all
> airwaves are safe.
 
	Why both?  (Unless you're just used to using ssh in general.)
IPsec alone should be enough to encrypt all the traffic flowing across
the wireless LAN.  And because it's a network-layer encryption, it'll do
all your IP traffic.

	Mind you, I'm a big fan of ssh.  I'm just curious as to how/why
you're using it in conjunction with IPsec.

Cheers,
Raven 
 
"There is no middle ground/ Or that's how it seems,
 For us to walk or to take.
 Instead we tumble down/ Either side left or right,
 To love or to hate."
  -- Peter Murphy, "A Strange Kind of Love"
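
The advice above to explicitly disable routing on the dual-homed box can be checked per interface. This is an added example, not part of the original message; it assumes a Linux host, and the interface names eth0/wlan0 and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a host with a wired and a wireless NIC will
# route IPv4 between them, by reading the kernel's per-interface forwarding
# flags. ROOT is a prefix for /proc so the check can run on a sample tree.

# forwarding_flag ROOT IFACE -> prints 0, 1, or "unknown"
forwarding_flag() {
    f="$1/proc/sys/net/ipv4/conf/$2/forwarding"
    if [ -r "$f" ]; then cat "$f"; else echo "unknown"; fi
}

# audit_forwarding ROOT IFACE...
# Returns 0 if no listed interface forwards, 1 if any does,
# 2 if a flag could not be read and none was found enabled.
audit_forwarding() {
    root="$1"; shift
    rc=0
    for ifc in "$@"; do
        flag=$(forwarding_flag "$root" "$ifc")
        case "$flag" in
            0) echo "$ifc: forwarding off" ;;
            1) echo "$ifc: forwarding ON, packets arriving here get routed"
               rc=1 ;;
            *) echo "$ifc: cannot read forwarding flag"
               if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# make_sample_tree DIR WIRED_FLAG WIRELESS_FLAG: constructed stand-in for /proc
make_sample_tree() {
    for pair in "eth0:$2" "wlan0:$3"; do
        d="$1/proc/sys/net/ipv4/conf/${pair%%:*}"
        mkdir -p "$d" && echo "${pair##*:}" > "$d/forwarding"
    done
}

# Demo on a constructed tree where the wireless side still forwards.
# On a real host: audit_forwarding "" eth0 wlan0
demo=$(mktemp -d)
make_sample_tree "$demo" 0 1
audit_forwarding "$demo" eth0 wlan0 || echo "exit status: $?"
rm -rf "$demo"
```

A non-zero exit means either turn the flag off or, if routing is intended, put firewall rules on the forwarding path as the message says.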


